Function Identification in Reverse Engineering of IoT Devices

September 15, 2020 | Mina Hao

This document dwells upon function identification and symbol porting in reverse engineering of Internet of things (IoT) devices without using BinDiff and PatchDiff2, which are “too good” for the purposes here and are inapplicable in certain scenarios. Typical function identification technologies include the Fast Library Identification and Recognition Technology (FLIRT) in IDA and the rizzo […]

Botnet Trend Report 2019-10

September 14, 2020 | Mina Hao

Adware For many years, large grey software supply chains on the Internet have been showing their own prowess for self-promotion. A specific piece of software is often bundled with unnecessary software, even malware, during the download and installation.

Future cyber security protection: reflection from the ups and downs of Covid-19-2

September 13, 2020 | Mina Hao

Biological virus and computer virus share similarities in some characters such as transmissibility. From the solutions to the COVID-19, we can learn the gain and loss of cyber security defense and protection, analyze the new trends and techniques and come up with the new ideas of defense and protection against attacks in the cyber security […]

Future cyber security protection: reflection from the ups and downs of Covid-19-1

September 12, 2020 | Mina Hao

2020 is almost halfway through, it is indeed a troubled period. Covid-19 swept all over the world in just a few months. The epidemic continues to spread and repeat, and has also changed many people’s inherent perceptions, including health care, public safety, organizational mobilization, economics and politics. The concept of computer virus is derived from […]

2020 H1 Cybersecurity Trends

September 11, 2020 | Mina Hao

01 Overview of the Vulnerability Trend In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Among these high-risk vulnerabilities, 184 vulnerabilities were Microsoft-related ones. High-risk vulnerabilities were mainly distributed in major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, etc. […]

Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert

September 11, 2020 | Mina Hao

Overview On August 13, 2020, Beijing time, Struts issued a new security bulletin to announce the fix of two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability. The two vulnerabilities were fixed in Struts 2.5.22 released in November 2019. Users are advised to upgrade as soon […]

2019 Cybersecurity Insights -20

September 9, 2020 | Mina Hao

According to the analysis of geographic distribution of IPv6 attack sources, China had the largest proportion of attack sources (86.76%), followed by the USA (3.97%) and Romania (0.77%).

Update New Nginx Threat Backdoor Alert

September 8, 2020 | Mina Hao

Overview This is an update advisory. For details, please see “Verification Method”-“Local Verification”. On July 16, 2020, Beijing time, a competitor published an article stating that it captured a new Nginx backdoor recently which could bypass antivirus software. By the time this advisory is released, the backdoor had not been detected by any antivirus software […]

Botnet Trend Report 2019-9

September 7, 2020 | Mina Hao

Overview In 2019, banking Trojans frequently launched attacks via the multilevel free technology, posing a severe threat to enterprises and public sectors. Spam was still the main propagation method. Attackers collected a great number of email addresses against which they launched phishing attacks. In 2019,NSFOCUS Security Labs captured and tracked such banking Trojans as Emotet, […]

WebSphere Remote Code Execution Vulnerability (CVE-2020-4534) Threat Alert

September 4, 2020 | Mina Hao

1. Vulnerability Description On July 31, 2020, Beijing time, IBM released a security bulletin which addressed a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit the vulnerability to execute arbitrary code. The vulnerability has a CVSS score […]